CVE-2012-0235
published 2012-02-21CVE-2012-0235: Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified…
PriorityP421medium6CVSS 2.0
AVNACMAuSCPIPAP
EPSS
0.50%
39.3th percentile
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | advantech_webaccess | <= 6.0 | — |
| advantech | advantech_webaccess | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Advantech WebAccess Vulnerabilities (UPDATE A)
cisa_ics·2011-11-02
Advantech WebAccess Vulnerabilities (UPDATE A)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Advantech WebAccess Vulnerabilities (UPDATE A)
Last RevisedAugust 27, 2018
Alert CodeICSA-12-047-01A
OVERVIEW
This advisory follows up on two previous ICS-CERT Alerts:
- “ICS-ALERT-11-245-01—Multiple ActiveX Vulnerabilities in Advantech BroadWin WebAccess,” published September 2, 2011.http://ics-cert.us-cert.gov/alerts/ICS-ALERT-11-245-01, ICS-ALERT-11-245-01, website last accessed February 15, 2012.
- “ICS‑ALERT-11-306-01—Advantech BroadWin WebAccess ActiveX Vulnerability,” published November 2, 2011.http://ics-cert.us-cert.gov/alerts/ICS-ALERT-11-306-01, ICS-ALERT-11-306-01,
GHSA
GHSA-j59g-6x3v-w52j: Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7
ghsa_unreviewed·2022-05-17·CVSS 6.0
CVE-2012-1235 [MEDIUM] CWE-352 GHSA-j59g-6x3v-w52j: Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235.
GHSA
GHSA-r7xf-wvg7-gvx2: Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7
ghsa_unreviewed·2022-05-04
CVE-2012-0235 [MEDIUM] CWE-352 GHSA-r7xf-wvg7-gvx2: Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2012-02-21
Published